Skip to main content
Create or update a GitHub Actions secret on a repository without leaving the terminal. The command resolves the target repository from the origin remote in .git/config in the current directory, reads your saved token, and hands the value to gh secret set, which encrypts it locally before uploading. When it finishes, it prints the repository’s settings URL where the secret can be seen.
This command shells out to the GitHub CLI (gh), so gh must be installed and on your PATH. It performs the local encryption GitHub requires before the secret is sent.
Pushing a secret requires a GitHub token saved with github:credentials:create. The token is read from ~/.talos/credentials/github.yml and passed to gh through GH_TOKEN, so it authenticates with your stored token rather than a separate gh auth login.

Usage

talos github:secret:push [options]
Run this from inside the repository whose secret you want to set — the owner/repo slug is taken from that repository’s origin remote.

Examples

Run with no flags to be prompted for the secret name and value (the value input is hidden):
talos github:secret:push
Provide the name and value non-interactively (useful in CI):
talos github:secret:push --name=DOCKER_TOKEN --value="$DOCKER_TOKEN"

Options

OptionDescriptionDefault
--nameName of the GitHub Actions secret to create or update.Prompted if omitted
--valueValue to store for the secret.Prompted (hidden) if omitted
--silentSuppress the spinner, success message, and settings URL.false
The repository is always resolved from the origin remote in .git/config — HTTPS (https://github.com/owner/repo.git) and SSH (git@github.com:owner/repo.git) remotes are both reduced to the owner/repo slug. The command fails if it cannot find a GitHub token, cannot determine the repository from .git/config, or gh secret set returns an error. This is a convenient way to populate the CI secrets referenced throughout deployment — for example DOCKER_TOKEN, NPM_TOKEN, or PROD_SSH_KEY.